Merge pull request #153 from fishilico/virt-leaseshelper

Signed-off-by: Chris PeBenito <pebenito@ieee.org>

policy/modules/services/virt.te

@@ -1305,6 +1305,8 @@ userdom_use_user_ptys(virt_bridgehelper_t)
 # Leaseshelper local policy
 #
 
+allow virt_leaseshelper_t self:process getsched;
+
 allow virt_leaseshelper_t virtd_t:fd use;
 allow virt_leaseshelper_t virtd_t:fifo_file write_fifo_file_perms;
 
@@ -1317,6 +1319,13 @@ files_pid_filetrans(virt_leaseshelper_t, virt_runtime_t, file)
 
 kernel_dontaudit_read_system_state(virt_leaseshelper_t)
 
+# Read /sys/devices/system/node/node*/meminfo
+dev_list_sysfs(virt_leaseshelper_t)
+dev_read_sysfs(virt_leaseshelper_t)
+
+# Read /etc/libnl/classid
+files_read_etc_files(virt_leaseshelper_t)
+
 ########################################
 #
 # Virtlockd local policy